When a job executes, it usually needs to access objects in CloudBees CD/RO. For example, a job step command may refer to a parameter value, which is a property associated with the job object, or a step may invoke ectool to modify properties or any other CloudBees CD/RO state. This process leads to questions:
- Under which username does the job execute?
Procedures always run under the project principal user ID for the project that contains the procedure. If a procedure invokes a subprocedure in another project, that subprocedure runs under both its own project’s project principal and the project principal of its calling procedure. When a procedure is running under multiple project principals, its steps can perform any operation that any one of its project principals allows.
- How does CloudBees CD/RO initialize job permissions when the job starts?
This question pertains to job object permissions. When a job starts, CloudBees CD/RO sets full access control entries on the job for the project principal and the user who launched the job—assuming the job was launched by a user and not a schedule.
- What permissions are needed to abort a job?
Aborting a job requires execute permission on the job. If a job is launched by a user, that user is given all privileges on the job. If a job is launched by a schedule, the schedule’s execute privileges are copied to the job.
The access control system determines whether jobs can be executed or not.
For a user to run a job without creating a schedule, the user must have execute permission on the top-level procedure being executed.
To create a schedule to run a procedure, a user must have modify permission for the project containing the schedule. After a schedule is created, no additional permissions are required to start jobs under the auspices of that schedule.
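The rules above for project principals, initial job permissions, and abort rights can be traced in a small model. This is an added example, not CloudBees CD/RO code or its API: every function name, the `project:` principal label, and the sample users, projects and ACLs are constructed for illustration, and deny entries, inheritance and groups are left out.

```python
# Added illustration: simplified model of the access rules on this page.
# Every name is hypothetical; this is not the CloudBees CD/RO API.
# Deny entries, inheritance and groups are deliberately not modelled.
ALL = {"read", "modify", "execute", "changePermissions"}

def principal(project):
    # Constructed label for a project's principal.
    return "project:" + project

def allowed(acl, principals, privilege):
    """Granted when ANY active principal holds the privilege."""
    return any(privilege in acl.get(p, set()) for p in principals)

def step_principals(call_chain):
    """call_chain lists projects from the top-level procedure down to the
    running subprocedure; the step runs under all of their principals."""
    return {principal(p) for p in call_chain}

def start_job(project, user=None, schedule_acl=None):
    """Build the job's initial ACL for a user launch or a schedule launch."""
    acl = {principal(project): set(ALL)}
    if user is not None:
        acl[user] = set(ALL)                      # launcher gets all privileges
    elif schedule_acl is not None:
        for who, privs in schedule_acl.items():   # copy execute entries only
            if "execute" in privs:
                acl.setdefault(who, set()).add("execute")
    return acl

def can_abort(job_acl, user):
    return allowed(job_acl, {user}, "execute")

def demo():
    # Constructed data: an object in project Deploy that only Build's principal may modify.
    target_acl = {principal("Build"): {"modify"}}
    nightly_acl = {"ops": {"execute"}, "dev": {"read"}}
    user_job = start_job("Build", user="alice")
    sched_job = start_job("Build", schedule_acl=nightly_acl)
    return {
        "deploy_alone": allowed(target_acl, step_principals(["Deploy"]), "modify"),
        "called_from_build": allowed(target_acl, step_principals(["Build", "Deploy"]), "modify"),
        "alice_aborts_own": can_abort(user_job, "alice"),
        "bob_aborts_alice": can_abort(user_job, "bob"),
        "ops_aborts_sched": can_abort(sched_job, "ops"),
        "dev_aborts_sched": can_abort(sched_job, "dev"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The `called_from_build` case is the one to check when reviewing cross-project calls: the subprocedure's steps act with the calling project's principal in addition to their own.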